Authentication

The Chamilo API uses JWT (JSON Web Tokens) for authentication, implemented via lexik/jwt-authentication-bundle.

Obtaining a Token

Send a POST request to the authentication endpoint:

POST /api/authentication_token
Content-Type: application/json

{
  "username": "admin",
  "password": "your-password"
}

Response:

{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9..."
}

Using the Token

Include the token in the Authorization header of subsequent requests:

GET /api/users
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9...

Token Lifecycle

Tokens have a configurable expiration time
When a token expires, the client must request a new one
JWT keys are stored in config/jwt/ (private and public keys)

Generating JWT Keys

php bin/console lexik:jwt:generate-keypair

This creates:

config/jwt/private.pem — Private key for signing tokens
config/jwt/public.pem — Public key for verifying tokens

Configure the passphrase in .env:

JWT_PASSPHRASE=your-passphrase

API Documentation

When APP_ENABLE_API_ENTRYPOINT=1 is set in the environment, the API documentation is available at /api. This provides an interactive Swagger/OpenAPI interface for exploring and testing endpoints.

PreviousAPI NextEndpoints Reference

Last updated 4 days ago

Was this helpful?

hashtagObtaining a Token

hashtagUsing the Token

hashtagToken Lifecycle

hashtagGenerating JWT Keys

hashtagAPI Documentation

Obtaining a Token

Using the Token

Token Lifecycle

Generating JWT Keys

API Documentation